. of Arizona UCLA What is Prefix Hijack?What is Prefix Hijack? - PDF document

. of Arizona UCLA What is Prefix Hijack?What is Prefix Hijack?¥Prefix hijack: An autonomous system (AS) announces aprefix it does not own.ÐBGP routers in the Internet might believe this false route and sendpackets to the false origin.¥Consequence of Prefix hijackÐDenial of service for true origin and deceived nodesÐPotential security and privacy breaches¥Entities involved in hijack:ÐTrue origin: an AS registered to announced the prefix.ÐFalse origin: an AS announcing a prefix it does not own.ÐDeceived node: an AS believing the route to the false origin.Topology and Route Computation¥22,000 nodes and 60,000 links derived from BGP routing table snapshotsa Se Spotlight¥Why are Tier-1Õs more vulnerable thantransits?¥Which nodes have highest impact?¥Which nodes are most vulnerable?SummarySummaryConnecting to multiple tier-1Connecting to multiple tier-1ÕÕs increases resiliency is vulnerablevulnerable to hijacks, since other tier-1 nodes to hijacks, since other tier-1 nodes would prefer a customer route from the false origin.would prefer a customer route from the false origin.Important Questions¥When prefix gets hijacked, what portion of the Internet isdeceived?¥What factors influence who gets deceiv to prefix hijacks¥Validate analysis and simulation results through case studiesinvolving hijacks from BGP dataHow to cause high impact?¥Tier-1 nodes and large ISPs have huge customer base.¥If false origin deceives tier-1 node, then good chanceof deceiving customers, and cause high impact. on the provider path of false origin will be deceived. See Figure 3 explaining simulation results.High impact false origin¥False origin reaching many tier-1 nodes in short hops causes high impact in most cases.Case study¥AS 27506 announced routes belonging to over 20 different AS nodes. Figure 4 shows how impact increases when true origin is farther away from tier-1compared to the false origin.Figure 1Figure 2Impact distributionf